./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor977142493 <...> T28] audit: type=1400 audit(1710577950.775:64): avc: denied { rlimitinh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.522811][ T28] audit: type=1400 audit(1710577950.775:65): avc: denied { siginh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.792217][ T228] sftp-server (228) used greatest stack depth: 22448 bytes left Warning: Permanently added '10.128.0.233' (ED25519) to the list of known hosts. execve("./syz-executor977142493", ["./syz-executor977142493"], 0x7ffecb3f00c0 /* 10 vars */) = 0 brk(NULL) = 0x5555564ec000 brk(0x5555564ecd40) = 0x5555564ecd40 arch_prctl(ARCH_SET_FS, 0x5555564ec3c0) = 0 set_tid_address(0x5555564ec690) = 294 set_robust_list(0x5555564ec6a0, 24) = 0 rseq(0x5555564ecce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor977142493", 4096) = 27 getrandom("\x80\x0f\x16\x54\xf5\xc7\x67\xa4", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555564ecd40 brk(0x55555650dd40) = 0x55555650dd40 brk(0x55555650e000) = 0x55555650e000 mprotect(0x7fbffa0ab000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564ec690) = 295 ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x5555564ec6a0, 24) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564ec690) = 296 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564ec690) = 297 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564ec690) = 298 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564ec690) = 299 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x5555564ec6a0, 24) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x5555564ec6a0, 24) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 299] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x5555564ec690) = 301 [pid 299] <... clone resumed>, child_tidptr=0x5555564ec690) = 303 [pid 295] <... openat resumed>) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x5555564ec6a0, 24./strace-static-x86_64: Process 301 attached ) = 0 ./strace-static-x86_64: Process 298 attached ./strace-static-x86_64: Process 297 attached [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] set_robust_list(0x5555564ec6a0, 24 [pid 295] <... close resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564ec690) = 304 [ 21.056667][ T28] audit: type=1400 audit(1710577959.325:66): avc: denied { execmem } for pid=294 comm="syz-executor977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.077421][ T28] audit: type=1400 audit(1710577959.345:67): avc: denied { read write } for pid=295 comm="syz-executor977" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 303] <... prctl resumed>) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] futex(0x7fbffa0b13ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] rt_sigaction(SIGRT_1, {sa_handler=0x7fbffa04dab0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbffa03f130}, NULL, 8) = 0 [pid 303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbff9fc5000 [pid 303] mprotect(0x7fbff9fc6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fe5990, parent_tid=0x7fbff9fe5990, exit_signal=0, stack=0x7fbff9fc5000, stack_size=0x20300, tls=0x7fbff9fe56c0} => {parent_tid=[305]}, 88) = 305 [pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] futex(0x7fbffa0b13e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fbffa0b13ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... set_robust_list resumed>) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] futex(0x7fbffa0b13ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] rt_sigaction(SIGRT_1, {sa_handler=0x7fbffa04dab0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbffa03f130}, NULL, 8) = 0 [pid 301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbff9fc5000 [pid 301] mprotect(0x7fbff9fc6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fe5990, parent_tid=0x7fbff9fe5990, exit_signal=0, stack=0x7fbff9fc5000, stack_size=0x20300, tls=0x7fbff9fe56c0} => {parent_tid=[306]}, 88) = 306 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] futex(0x7fbffa0b13e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7fbffa0b13ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] set_robust_list(0x5555564ec6a0, 24) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564ec690) = 307 [pid 297] set_robust_list(0x5555564ec6a0, 24) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 ./strace-static-x86_64: Process 307 attached ./strace-static-x86_64: Process 306 attached ./strace-static-x86_64: Process 305 attached ./strace-static-x86_64: Process 304 attached [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564ec690) = 308 [pid 307] set_robust_list(0x5555564ec6a0, 24) = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] futex(0x7fbffa0b13ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] rt_sigaction(SIGRT_1, {sa_handler=0x7fbffa04dab0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbffa03f130}, NULL, 8) = 0 [pid 307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbff9fc5000 [pid 307] mprotect(0x7fbff9fc6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fe5990, parent_tid=0x7fbff9fe5990, exit_signal=0, stack=0x7fbff9fc5000, stack_size=0x20300, tls=0x7fbff9fe56c0} => {parent_tid=[309]}, 88) = 309 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] futex(0x7fbffa0b13e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fbffa0b13ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] set_robust_list(0x7fbff9fe59a0, 24) = 0 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 306] futex(0x7fbffa0b13ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 301] <... futex resumed>) = 0 [pid 306] futex(0x7fbffa0b13e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] futex(0x7fbffa0b13e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... futex resumed>) = 0 [pid 306] mkdir("./file0", 0777 [pid 301] futex(0x7fbffa0b13ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... mkdir resumed>) = 0 [pid 306] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 305] set_robust_list(0x7fbff9fe59a0, 24) = 0 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 305] futex(0x7fbffa0b13ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 305] futex(0x7fbffa0b13e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] futex(0x7fbffa0b13e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 303] <... futex resumed>) = 0 [pid 305] mkdir("./file0", 0777 [pid 303] futex(0x7fbffa0b13ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... mkdir resumed>) = -1 EEXIST (File exists) ./strace-static-x86_64: Process 309 attached ./strace-static-x86_64: Process 308 attached [pid 305] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"... [pid 304] set_robust_list(0x5555564ec6a0, 24 [pid 305] <... mount resumed>) = 0 [pid 305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 309] set_robust_list(0x7fbff9fe59a0, 24) = 0 [pid 309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 309] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 309] futex(0x7fbffa0b13ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 309] futex(0x7fbffa0b13e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] futex(0x7fbffa0b13e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] <... futex resumed>) = 0 [pid 309] mkdir("./file0", 0777 [ 21.102951][ T28] audit: type=1400 audit(1710577959.345:68): avc: denied { open } for pid=299 comm="syz-executor977" path="/dev/loop4" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.127152][ T28] audit: type=1400 audit(1710577959.345:69): avc: denied { ioctl } for pid=299 comm="syz-executor977" path="/dev/loop4" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 307] futex(0x7fbffa0b13ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 309] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 308] set_robust_list(0x5555564ec6a0, 24) = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 308] write(3, "1000", 4) = 4 [pid 308] close(3) = 0 [pid 308] futex(0x7fbffa0b13ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] rt_sigaction(SIGRT_1, {sa_handler=0x7fbffa04dab0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbffa03f130}, NULL, 8) = 0 [pid 308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbff9fc5000 [pid 308] mprotect(0x7fbff9fc6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fe5990, parent_tid=0x7fbff9fe5990, exit_signal=0, stack=0x7fbff9fc5000, stack_size=0x20300, tls=0x7fbff9fe56c0} => {parent_tid=[310]}, 88) = 310 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] futex(0x7fbffa0b13e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7fbffa0b13ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... set_robust_list resumed>) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] futex(0x7fbffa0b13ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] rt_sigaction(SIGRT_1, {sa_handler=0x7fbffa04dab0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbffa03f130}, NULL, 8) = 0 [pid 304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbff9fc5000 [pid 304] mprotect(0x7fbff9fc6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fe5990, parent_tid=0x7fbff9fe5990, exit_signal=0, stack=0x7fbff9fc5000, stack_size=0x20300, tls=0x7fbff9fe56c0} => {parent_tid=[311]}, 88) = 311 [pid 304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 304] futex(0x7fbffa0b13e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fbffa0b13ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x7fbff9fe59a0, 24) = 0 [pid 310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 310] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 310] futex(0x7fbffa0b13ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 310] mkdir("./file0", 0777 [pid 308] futex(0x7fbffa0b13e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 308] <... futex resumed>) = 0 [pid 310] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"... [pid 308] futex(0x7fbffa0b13ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] <... mount resumed>) = 0 [pid 310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x7fbff9fe59a0, 24) = 0 [pid 311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 311] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 311] futex(0x7fbffa0b13ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 304] <... futex resumed>) = 0 [pid 311] mkdir("./file0", 0777 [pid 304] futex(0x7fbffa0b13e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 304] <... futex resumed>) = 0 [pid 311] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"... [pid 304] futex(0x7fbffa0b13ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... mount resumed>) = 0 [pid 311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 301] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 301] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbff9fa4000 [pid 301] mprotect(0x7fbff9fa5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fc4990, parent_tid=0x7fbff9fc4990, exit_signal=0, stack=0x7fbff9fa4000, stack_size=0x20300, tls=0x7fbff9fc46c0} => {parent_tid=[312]}, 88) = 312 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x7fbff9fc49a0, 24) = 0 [pid 312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 312] read(3, [pid 303] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 303] futex(0x7fbffa0b13ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 303] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbff9fa4000 [pid 303] mprotect(0x7fbff9fa5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fc4990, parent_tid=0x7fbff9fc4990, exit_signal=0, stack=0x7fbff9fa4000, stack_size=0x20300, tls=0x7fbff9fc46c0} => {parent_tid=[313]}, 88) = 313 [pid 303] rt_sigprocmask(SIG_SETMASK, [], [pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 21.152756][ T28] audit: type=1400 audit(1710577959.395:70): avc: denied { read write } for pid=301 comm="syz-executor977" name="fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 21.176213][ T28] audit: type=1400 audit(1710577959.395:71): avc: denied { open } for pid=301 comm="syz-executor977" path="/dev/fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [pid 303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 307] futex(0x7fbffa0b13ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 303] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 303] <... futex resumed>) = 0 [pid 307] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbff9fa4000 [pid 307] mprotect(0x7fbff9fa5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fc4990, parent_tid=0x7fbff9fc4990, exit_signal=0, stack=0x7fbff9fa4000, stack_size=0x20300, tls=0x7fbff9fc46c0} [pid 312] <... read resumed>"\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x25\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\x01\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 312] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... clone3 resumed> => {parent_tid=[314]}, 88) = 314 [pid 312] <... futex resumed>) = 1 [pid 307] rt_sigprocmask(SIG_SETMASK, [], [pid 301] <... futex resumed>) = 0 [pid 312] futex(0x7fbffa0b13f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... futex resumed>) = 0 [pid 312] write(3, "\x18\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00", 24 [pid 307] <... futex resumed>) = 0 [pid 301] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... write resumed>) = 24 [pid 307] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 301] <... futex resumed>) = 0 [pid 312] mount("./file0", "./file0", "incremental-fs", 0, NULL [pid 301] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x7fbff9fc49a0, 24) = 0 [pid 313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 313] read(3, "\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x25\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\x01\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 313] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 313] write(3, "\x18\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00", 24 [pid 303] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... write resumed>) = 24 [pid 303] <... futex resumed>) = 0 [pid 313] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 313] mount("./file0", "./file0", "incremental-fs", 0, NULL [pid 303] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x7fbff9fc49a0, 24) = 0 [pid 314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 314] read(3, "\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x25\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\x01\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 314] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 314] <... futex resumed>) = 1 [pid 308] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 314] futex(0x7fbffa0b13f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] <... futex resumed>) = 0 [pid 307] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 307] <... futex resumed>) = 0 [pid 314] write(3, "\x18\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00", 24 [pid 308] <... mmap resumed>) = 0x7fbff9fa4000 [pid 307] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... write resumed>) = 24 [pid 308] mprotect(0x7fbff9fa5000, 131072, PROT_READ|PROT_WRITE [pid 314] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... mprotect resumed>) = 0 [pid 314] <... futex resumed>) = 1 [pid 308] rt_sigprocmask(SIG_BLOCK, ~[], [pid 307] <... futex resumed>) = 0 [pid 314] futex(0x7fbffa0b13f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] <... rt_sigprocmask resumed>[], 8) = 0 [pid 307] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fc4990, parent_tid=0x7fbff9fc4990, exit_signal=0, stack=0x7fbff9fa4000, stack_size=0x20300, tls=0x7fbff9fc46c0} [pid 307] <... futex resumed>) = 0 [pid 314] mount("./file0", "./file0", "incremental-fs", 0, NULL [pid 307] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... clone3 resumed> => {parent_tid=[315]}, 88) = 315 [pid 308] rt_sigprocmask(SIG_SETMASK, [], [pid 304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 304] futex(0x7fbffa0b13ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}./strace-static-x86_64: Process 315 attached [pid 308] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 315] set_robust_list(0x7fbff9fc49a0, 24 [pid 308] <... futex resumed>) = 0 [pid 304] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... set_robust_list resumed>) = 0 [pid 308] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 0 [pid 315] rt_sigprocmask(SIG_SETMASK, [], [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 304] <... mmap resumed>) = 0x7fbff9fa4000 [pid 315] read(3, [pid 304] mprotect(0x7fbff9fa5000, 131072, PROT_READ|PROT_WRITE [pid 315] <... read resumed>"\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x25\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\x01\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 304] <... mprotect resumed>) = 0 [pid 315] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [pid 315] <... futex resumed>) = 1 [pid 308] <... futex resumed>) = 0 [pid 304] <... rt_sigprocmask resumed>[], 8) = 0 [pid 315] write(3, "\x18\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00", 24 [pid 308] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fc4990, parent_tid=0x7fbff9fc4990, exit_signal=0, stack=0x7fbff9fa4000, stack_size=0x20300, tls=0x7fbff9fc46c0} [pid 315] <... write resumed>) = 24 [pid 308] <... futex resumed>) = 0 [pid 315] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... clone3 resumed> => {parent_tid=[316]}, 88) = 316 [pid 315] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] rt_sigprocmask(SIG_SETMASK, [], [pid 315] mount("./file0", "./file0", "incremental-fs", 0, NULL [pid 308] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 308] <... futex resumed>) = 0 [pid 304] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x7fbff9fc49a0, 24) = 0 [pid 316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 316] read(3, "\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x25\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\x01\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 316] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] write(3, "\x18\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 316] futex(0x7fbffa0b13fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 304] <... futex resumed>) = 0 [pid 316] mount("./file0", "./file0", "incremental-fs", 0, NULL [pid 304] futex(0x7fbffa0b13f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 21.199583][ T28] audit: type=1400 audit(1710577959.395:72): avc: denied { mounton } for pid=301 comm="syz-executor977" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 21.229798][ T28] audit: type=1400 audit(1710577959.395:73): avc: denied { mount } for pid=301 comm="syz-executor977" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [pid 304] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 301] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 301] futex(0x7fbffa0b140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbff9f83000 [pid 301] mprotect(0x7fbff9f84000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fa3990, parent_tid=0x7fbff9fa3990, exit_signal=0, stack=0x7fbff9f83000, stack_size=0x20300, tls=0x7fbff9fa36c0} => {parent_tid=[317]}, 88) = 317 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 301] futex(0x7fbffa0b1408, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] futex(0x7fbffa0b140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = 0 [pid 301] futex(0x7fbffa0b140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbff9f83000 [pid 303] mprotect(0x7fbff9f84000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 317 attached [pid 303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fa3990, parent_tid=0x7fbff9fa3990, exit_signal=0, stack=0x7fbff9f83000, stack_size=0x20300, tls=0x7fbff9fa36c0} [pid 317] set_robust_list(0x7fbff9fa39a0, 24./strace-static-x86_64: Process 318 attached ) = 0 [pid 318] set_robust_list(0x7fbff9fa39a0, 24 [pid 317] rt_sigprocmask(SIG_SETMASK, [], [pid 303] <... clone3 resumed> => {parent_tid=[318]}, 88) = 318 [pid 318] <... set_robust_list resumed>) = 0 [pid 317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 303] rt_sigprocmask(SIG_SETMASK, [], [pid 318] rt_sigprocmask(SIG_SETMASK, [], [pid 317] read(3, [pid 303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 317] <... read resumed>"\x30\x00\x00\x00\x1b\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x32\x01\x00\x00\x00\x00\x00\x00\x00\x80\x01\x00\x00\x00\x00\x00", 8192) = 48 [pid 303] futex(0x7fbffa0b1408, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] futex(0x7fbffa0b140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 303] futex(0x7fbffa0b140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 301] <... futex resumed>) = 0 [pid 317] futex(0x7fbffa0b1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 318] read(3, "\x30\x00\x00\x00\x1b\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x31\x01\x00\x00\x00\x00\x00\x00\x00\x80\x01\x00\x00\x00\x00\x00", 8192) = 48 [pid 318] futex(0x7fbffa0b140c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 303] <... futex resumed>) = 0 [pid 318] futex(0x7fbffa0b1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] futex(0x7fbffa0b140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbff9f83000 [pid 307] mprotect(0x7fbff9f84000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fa3990, parent_tid=0x7fbff9fa3990, exit_signal=0, stack=0x7fbff9f83000, stack_size=0x20300, tls=0x7fbff9fa36c0}./strace-static-x86_64: Process 319 attached => {parent_tid=[319]}, 88) = 319 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 319] set_robust_list(0x7fbff9fa39a0, 24 [pid 307] futex(0x7fbffa0b1408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fbffa0b140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... set_robust_list resumed>) = 0 [pid 319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 319] read(3, "\x30\x00\x00\x00\x1b\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x01\x00\x00\x00\x00\x00\x00\x00\x80\x01\x00\x00\x00\x00\x00", 8192) = 48 [pid 319] futex(0x7fbffa0b140c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 319] futex(0x7fbffa0b1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 308] futex(0x7fbffa0b13fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 308] futex(0x7fbffa0b140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbff9f83000 [pid 308] mprotect(0x7fbff9f84000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fa3990, parent_tid=0x7fbff9fa3990, exit_signal=0, stack=0x7fbff9f83000, stack_size=0x20300, tls=0x7fbff9fa36c0}./strace-static-x86_64: Process 320 attached => {parent_tid=[320]}, 88) = 320 [pid 308] rt_sigprocmask(SIG_SETMASK, [], [pid 320] set_robust_list(0x7fbff9fa39a0, 24 [pid 308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 308] futex(0x7fbffa0b1408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7fbffa0b140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... set_robust_list resumed>) = 0 [pid 320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 320] read(3, "\x30\x00\x00\x00\x1b\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x36\x01\x00\x00\x00\x00\x00\x00\x00\x80\x01\x00\x00\x00\x00\x00", 8192) = 48 [pid 320] futex(0x7fbffa0b140c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 320] futex(0x7fbffa0b1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 304] futex(0x7fbffa0b140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbff9f83000 [pid 304] mprotect(0x7fbff9f84000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbff9fa3990, parent_tid=0x7fbff9fa3990, exit_signal=0, stack=0x7fbff9f83000, stack_size=0x20300, tls=0x7fbff9fa36c0} => {parent_tid=[321]}, 88) = 321 [pid 304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 304] futex(0x7fbffa0b1408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fbffa0b140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x7fbff9fa39a0, 24) = 0 [pid 321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 321] read(3, "\x2f\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x38\x01\x00\x00\x00\x00\x00\x00\x2e\x69\x6e\x64\x65\x78\x00", 8192) = 47 [ 21.252016][ T28] audit: type=1400 audit(1710577959.415:74): avc: denied { mounton } for pid=303 comm="syz-executor977" path="/root/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 21.293949][ T312] general protection fault, probably for non-canonical address 0xdffffc0000000007: 0000 [#1] PREEMPT SMP KASAN [pid 321] write(3, "\x90\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x05\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x01\x80\x00\x00"..., 144) = 144 [pid 321] futex(0x7fbffa0b140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 321] <... futex resumed>) = 1 [ 21.305502][ T312] KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] [ 21.313739][ T312] CPU: 0 PID: 312 Comm: syz-executor977 Not tainted 6.1.68-syzkaller-00059-gef39f76e4d24 #0 [ 21.323633][ T312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 21.333527][ T312] RIP: 0010:open_or_create_special_dir+0x89/0x1d0 [ 21.339779][ T312] Code: e8 ac a0 52 ff e9 07 01 00 00 e8 a2 a0 52 ff 48 c7 c3 ea ff ff ff e9 f6 00 00 00 4c 89 6d d0 4c 8d 6b 30 4d 89 ef 49 c1 ef 03 <43> 80 3c 37 00 74 08 4c 89 ef e8 18 74 99 ff 49 83 7d 00 00 74 26 [ 21.359220][ T312] RSP: 0018:ffffc90000f37a78 EFLAGS: 00010202 [ 21.365121][ T312] RAX: 0000000000000008 RBX: 0000000000000008 RCX: ffff888109b66540 [ 21.372938][ T312] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888109b61468 [ 21.380748][ T312] RBP: ffffc90000f37ab0 R08: dffffc0000000000 R09: ffffed102136c28e [ 21.388559][ T312] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810ee95980 [ 21.396371][ T312] R13: 0000000000000038 R14: dffffc0000000000 R15: 0000000000000007 [ 21.404179][ T312] FS: 00007fbff9fc46c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 21.412944][ T312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.419366][ T312] CR2: 0000000020008fc0 CR3: 000000012227e000 CR4: 00000000003506b0 [ 21.427181][ T312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.435001][ T312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.442803][ T312] Call Trace: [ 21.445925][ T312] [ 21.448708][ T312] ? __die_body+0x62/0xb0 [ 21.452875][ T312] ? die_addr+0x9f/0xd0 [pid 321] futex(0x7fbffa0b1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] exit_group(0 [pid 321] <... futex resumed>) = ? [ 21.456867][ T312] ? exc_general_protection+0x317/0x4c0 [ 21.462253][ T312] ? rwsem_spin_on_owner+0x4a0/0x4a0 [ 21.467366][ T312] ? asm_exc_general_protection+0x27/0x30 [ 21.472918][ T312] ? open_or_create_special_dir+0x89/0x1d0 [ 21.478560][ T312] ? open_or_create_special_dir+0x4f/0x1d0 [ 21.484205][ T312] incfs_mount_fs+0x49b/0xa30 [ 21.488715][ T312] ? incfs_unlink+0x90/0x90 [ 21.493054][ T312] ? vfs_parse_fs_string+0x18c/0x220 [ 21.498383][ T312] ? cap_capable+0x1d2/0x270 [ 21.502812][ T312] legacy_get_tree+0xf1/0x190 [ 21.507317][ T312] ? incfs_unlink+0x90/0x90 [ 21.511660][ T312] vfs_get_tree+0x88/0x290 [ 21.515918][ T312] do_new_mount+0x28b/0xad0 [ 21.520250][ T312] ? do_move_mount_old+0x160/0x160 [ 21.525202][ T312] ? security_capable+0x87/0xb0 [ 21.529892][ T312] ? ns_capable+0x89/0xe0 [ 21.534058][ T312] path_mount+0x671/0x1070 [ 21.538310][ T312] ? user_path_at_empty+0x14e/0x1a0 [ 21.543346][ T312] __se_sys_mount+0x2c4/0x3b0 [ 21.547864][ T312] ? __x64_sys_mount+0xd0/0xd0 [ 21.552450][ T312] ? fpregs_restore_userregs+0x130/0x290 [ 21.557924][ T312] __x64_sys_mount+0xbf/0xd0 [ 21.562348][ T312] do_syscall_64+0x3d/0xb0 [ 21.566607][ T312] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 21.572330][ T312] RIP: 0033:0x7fbffa027b49 [ 21.576580][ T312] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 21.596029][ T312] RSP: 002b:00007fbff9fc4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [pid 311] <... openat resumed>) = ? [pid 304] <... exit_group resumed>) = ? [pid 321] +++ exited with 0 +++ [pid 311] +++ exited with 0 +++ [ 21.604269][ T312] RAX: ffffffffffffffda RBX: 00007fbffa0b13f8 RCX: 00007fbffa027b49 [ 21.612080][ T312] RDX: 0000000020000180 RSI: 00000000200000c0 RDI: 0000000020000080 [ 21.619893][ T312] RBP: 00007fbffa0b13f0 R08: 0000000000000000 R09: 0000000000000000 [ 21.627701][ T312] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbffa07e0bc [ 21.635516][ T312] R13: 0030656c69662f2e R14: 00007ffccaee8930 R15: 00007fbffa07e0d4 [ 21.643333][ T312] [ 21.646188][ T312] Modules linked in: [ 21.650687][ T312] ---[ end trace 0000000000000000 ]--- [ 21.657022][ T312] RIP: 0010:open_or_create_special_dir+0x89/0x1d0 [ 21.663371][ T312] Code: e8 ac a0 52 ff e9 07 01 00 00 e8 a2 a0 52 ff 48 c7 c3 ea ff ff ff e9 f6 00 00 00 4c 89 6d d0 4c 8d 6b 30 4d 89 ef 49 c1 ef 03 <43> 80 3c 37 00 74 08 4c 89 ef e8 18 74 99 ff 49 83 7d 00 00 74 26 [ 21.682966][ T312] RSP: 0018:ffffc90000f37a78 EFLAGS: 00010202 [ 21.689018][ T312] RAX: 0000000000000008 RBX: 0000000000000008 RCX: ffff888109b66540 [ 21.696954][ T312] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888109b61468 [ 21.704744][ T312] RBP: ffffc90000f37ab0 R08: dffffc0000000000 R09: ffffed102136c28e [ 21.712691][ T312] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810ee95980 [ 21.722852][ T312] R13: 0000000000000038 R14: dffffc0000000000 R15: 0000000000000007 [ 21.730749][ T312] FS: 00007fbff9fc46c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 21.739550][ T312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.746001][ T312] CR2: 00005647a1e670e8 CR3: 000000012227e000 CR4: 00000000003506a0 [pid 301] exit_group(0 [pid 317] <... futex resumed>) = ? [pid 301] <... exit_group resumed>) = ? [pid 317] +++ exited with 0 +++ [pid 303] exit_group(0 [pid 318] <... futex resumed>) = ? [pid 303] <... exit_group resumed>) = ? [pid 318] +++ exited with 0 +++ [ 21.753952][ T312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.761763][ T312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.769653][ T313] incfs_lookup_dentry err:-4 [ 21.769901][ T312] Kernel panic - not syncing: Fatal exception [ 21.774220][ T312] Kernel Offset: disabled [ 21.784254][ T312] Rebooting in 86400 seconds..